Amazon Linux 2

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2025-3077 Related CVEs: CVE-2025-46404 CVE-2025-46705 CVE-2025-46784 CVE-2025-47151 CVE-2021-28091 Upstream summary: A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2025-3025 Related CVEs: CVE-2025-4404 CVE-2025-7493 CVE-2025-14905 CVE-2019-14824 CVE-2018-1089 CVE-2017-15135 CVE-2018-1054 CVE-2017-15134  +12 more Upstream summary: A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2025-3026 Related CVEs: CVE-2025-4404 CVE-2025-7493 CVE-2024-3183 CVE-2020-25719 CVE-2019-10195 CVE-2019-14867 CVE-2024-1481 CVE-2023-5455  +12 more Upstream summary: A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2318 Related CVEs: CVE-2019-12524 CVE-2019-12529 CVE-2019-18677 CVE-2019-18678 CVE-2019-18860 CVE-2021-28116 CVE-2023-46847 CVE-2026-32748  +12 more Upstream summary: An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2FIREFOX-2023-009 Related CVEs: CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411  +12 more Upstream summary: Service Workers should not be able to infer information about opaque cross-origin responses; but timing […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-1964 Related CVEs: CVE-2023-20032 CVE-2023-20052 CVE-2023-20197 CVE-2024-20505 CVE-2024-20506 Upstream summary: Possible remote code execution vulnerability in the ClamAV HFS+ file parser. The issue affects ClamAV versions 1.0.0 and earlier, 0.105.1 […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-1936 Related CVEs: CVE-2017-12613 CVE-2021-35940 CVE-2022-24963 CVE-2023-49582 Upstream summary: An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2022-1804 Related CVEs: CVE-2022-1529 CVE-2022-1802 CVE-2020-16044 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 CVE-2020-15683  +12 more Upstream summary: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2022-1796 Related CVEs: CVE-2022-29155 CVE-2019-13565 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36226 CVE-2020-36227  +10 more Upstream summary: In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2022-1795 Related CVEs: CVE-2022-25235 Upstream summary: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application […]